#include <linux/bitops.h>
#include <linux/skbuff.h>
#include <linux/inet.h>
+#include <net/net_namespace.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter_ipv4/ipt_recent.h>
struct recent_entry *e, *next;
unsigned int i;
- for (i = 0; i < ip_list_hash_size; i++) {
+ for (i = 0; i < ip_list_hash_size; i++)
list_for_each_entry_safe(e, next, &t->iphash[i], list)
recent_entry_remove(t, e);
- }
}
-static int
+static bool
ipt_recent_match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
- int offset, unsigned int protoff, int *hotdrop)
+ int offset, unsigned int protoff, bool *hotdrop)
{
const struct ipt_recent_info *info = matchinfo;
struct recent_table *t;
struct recent_entry *e;
__be32 addr;
u_int8_t ttl;
- int ret = info->invert;
+ bool ret = info->invert;
if (info->side == IPT_RECENT_DEST)
- addr = skb->nh.iph->daddr;
+ addr = ip_hdr(skb)->daddr;
else
- addr = skb->nh.iph->saddr;
+ addr = ip_hdr(skb)->saddr;
- ttl = skb->nh.iph->ttl;
+ ttl = ip_hdr(skb)->ttl;
/* use TTL as seen before forwarding */
if (out && !skb->sk)
ttl++;
goto out;
e = recent_entry_init(t, addr, ttl);
if (e == NULL)
- *hotdrop = 1;
- ret ^= 1;
+ *hotdrop = true;
+ ret = !ret;
goto out;
}
if (info->check_set & IPT_RECENT_SET)
- ret ^= 1;
+ ret = !ret;
else if (info->check_set & IPT_RECENT_REMOVE) {
recent_entry_remove(t, e);
- ret ^= 1;
+ ret = !ret;
} else if (info->check_set & (IPT_RECENT_CHECK | IPT_RECENT_UPDATE)) {
unsigned long t = jiffies - info->seconds * HZ;
unsigned int i, hits = 0;
if (info->seconds && time_after(t, e->stamps[i]))
continue;
if (++hits >= info->hit_count) {
- ret ^= 1;
+ ret = !ret;
break;
}
}
return ret;
}
-static int
+static bool
ipt_recent_checkentry(const char *tablename, const void *ip,
const struct xt_match *match, void *matchinfo,
unsigned int hook_mask)
const struct ipt_recent_info *info = matchinfo;
struct recent_table *t;
unsigned i;
- int ret = 0;
+ bool ret = false;
if (hweight8(info->check_set &
(IPT_RECENT_SET | IPT_RECENT_REMOVE |
IPT_RECENT_CHECK | IPT_RECENT_UPDATE)) != 1)
- return 0;
+ return false;
if ((info->check_set & (IPT_RECENT_SET | IPT_RECENT_REMOVE)) &&
(info->seconds || info->hit_count))
- return 0;
+ return false;
if (info->name[0] == '\0' ||
strnlen(info->name, IPT_RECENT_NAME_LEN) == IPT_RECENT_NAME_LEN)
- return 0;
+ return false;
mutex_lock(&recent_mutex);
t = recent_table_lookup(info->name);
if (t != NULL) {
t->refcnt++;
- ret = 1;
+ ret = true;
goto out;
}
spin_lock_bh(&recent_lock);
list_add_tail(&t->list, &tables);
spin_unlock_bh(&recent_lock);
- ret = 1;
+ ret = true;
out:
mutex_unlock(&recent_mutex);
return ret;
static void *recent_seq_start(struct seq_file *seq, loff_t *pos)
{
struct recent_iter_state *st = seq->private;
- struct recent_table *t = st->table;
+ const struct recent_table *t = st->table;
struct recent_entry *e;
loff_t p = *pos;
spin_lock_bh(&recent_lock);
- for (st->bucket = 0; st->bucket < ip_list_hash_size; st->bucket++) {
- list_for_each_entry(e, &t->iphash[st->bucket], list) {
+ for (st->bucket = 0; st->bucket < ip_list_hash_size; st->bucket++)
+ list_for_each_entry(e, &t->iphash[st->bucket], list)
if (p-- == 0)
return e;
- }
- }
return NULL;
}
return 0;
}
-static struct seq_operations recent_seq_ops = {
+static const struct seq_operations recent_seq_ops = {
.start = recent_seq_start,
.next = recent_seq_next,
.stop = recent_seq_stop,
static int recent_seq_open(struct inode *inode, struct file *file)
{
struct proc_dir_entry *pde = PDE(inode);
- struct seq_file *seq;
struct recent_iter_state *st;
- int ret;
- st = kzalloc(sizeof(*st), GFP_KERNEL);
+ st = __seq_open_private(file, &recent_seq_ops, sizeof(*st));
if (st == NULL)
return -ENOMEM;
- ret = seq_open(file, &recent_seq_ops);
- if (ret)
- kfree(st);
+
st->table = pde->data;
- seq = file->private_data;
- seq->private = st;
- return ret;
+ return 0;
}
static ssize_t recent_proc_write(struct file *file, const char __user *input,
};
#endif /* CONFIG_PROC_FS */
-static struct xt_match recent_match = {
+static struct xt_match recent_match __read_mostly = {
.name = "recent",
.family = AF_INET,
.match = ipt_recent_match,
#ifdef CONFIG_PROC_FS
if (err)
return err;
- proc_dir = proc_mkdir("ipt_recent", proc_net);
+ proc_dir = proc_mkdir("ipt_recent", init_net.proc_net);
if (proc_dir == NULL) {
xt_unregister_match(&recent_match);
err = -ENOMEM;
BUG_ON(!list_empty(&tables));
xt_unregister_match(&recent_match);
#ifdef CONFIG_PROC_FS
- remove_proc_entry("ipt_recent", proc_net);
+ remove_proc_entry("ipt_recent", init_net.proc_net);
#endif
}
projects / linux-2.6 / blobdiff